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AMENDMENTS TO THE CLAIMS 

1.-28. (Canceled) 

29. (Currently Amended) A security system for securing access to an operating system of a 
computer having at least a host central processing unit (CPU), computer memory means a 
memory used by the host CPU to load programs from the operating system in order to operate 
the computer, a storage device for storing data to be used by the computer; and a chain of 
components connecting the host CPU to the storage device, the security system comprising: 

a security partition formed in the storage device, the operating system being stored in the 
security partition; and 

blocking means a security device comprising a hardware processor or controller for 
intercepting communications and selectively blocking data-access to operating system data 
between the host CPU and the security partition, wherein the blocking means are security device 
^deployed along the chain of components that connect the host CPU to the storage device 
wherein the security device's processor or controller is distinct from the host CPU . 

30. (Previously Presented) The security system as claimed in claim 29, wherein each 
user of the computer has an associated access profile, each access profile comprising information 
indicative of the level of access to portions of the storage device permitted by a user, and the 
blocking means security device controlling access to the storage device by a user in accordance 
with the access profile associated with the user. 

3 1 . (Previously Presented) The security system as claimed in claim 30, wherein the 
security system is arranged such that at least two different data access profiles are defined, one 
access profile ascribing read and write access to said security partition, and the other access 
profile not ascribing write access to said security partition. 
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32. (Currently Amended) The security system as claimed in claim 29, wherein said blocking 
means security device is independent and separately configurable of said host CPU. 

33. (Currently Amended) The security system as claimed in claim 29, wherein during 
operation of the operating system the security system security device is arranged to divert and 
write operating system files to a location different te- than the security partition so that normal 
operation of the operating system continues even though operating system files in the secure 
partition have not been updated. 

34. (Currently Amended) The security system as claimed in claim 33, wherein the security 
system device is arranged to divert and write operating system files to a flash ROM. 

35. (Previously Presented) The security system as claimed in claim 33, wherein the 
security system is arranged to divert and write operating system files to an invisible partition 
formed in the storage device. 

36. (Currently Amended) The security system as claimed in claim 30, further comprising 
authentication means for authenticating a user of the computer and associating the user with a 
prescribed access profile, said blocking means security device controlling subsequent access to 
the security partition in accordance with the access profile associated with the user. 

37. (Canceled) 

38. (Previously Presented) The security system as claimed in claim 30, wherein said 
security device is configured to block all access by the host CPU to the storage device before 
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initialisation of the security system, and to selectively permit access immediately after said 

initialisation in accordance with a respective access profile. 

39. (Previously Presented) The security system as claimed in claim 38, wherein said 
authentication means enables a software boot of the computer to be effected only after correct 
authentication of a user, and said security system permits normal loading of the operating system 
during the start up sequence of the computer following said software boot. 

40. (Currently Amended) The security system as claimed in claim 29, wherein said blocking 
means is a security device is_physically deployed between an interface adapter and the storage 
device within a data access channel of the chain of components connecting the host CPU and the 
storage device. 

41. (Currently Amended) The security system as claimed in claim 39, wherein said blocking 
means is deployed as logic implemented by security device is integrated in a bridging circuit 
within the chain of components connecting the host CPU and the storage device or within the 
storage device. 

42. (Currently Amended) A method for securing access to an operating system of a 
computer, the computer having at least a host central processing unit (CPU), a storage device for 
storing data to be used by the computer, a chain of components connecting the host CPU to the 
storage device, and memory used by the host CPU to load programs from the operating system in 
order to operate the computer and storage device, the method comprising : 

forming a security partition in the-a_storage device; 
storing the operating system in the security partition; 

loading operating system data from the operating system into a random access memory; 
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using one or more host central processing units (CPUs) to execute programs in the 
operating system based on the operating system data loaded into the random access memory; and 

at a first component deployed along the chain of components connecting the host CPU to 
the storage device, intercepting communications and selectively blocking data-access to 
operating system data between the host CPUs and the security partition at a security device 
deployed along the chain of components connecting the host CPUs to the storage device, 
wherein the security device operates independent of the host CPU . 

43. (Previously Presented) The method as claimed in claim 42, further comprising 
associating each user with an access profile comprising information indicative of the level of 
access to portions of the storage device permitted by a user; and 

for each user, selectively blocking access between the host CPU and the security partition 
in accordance with the access profile defined for the user. 

44. (Previously Presented) The method as claimed in claim 43, further comprising 
defining at least two different access profiles, one access profile ascribing read and write access 
to data stored on said security partition, and the other access profile not ascribing write access to 
said security partition. 

45. (Previously Presented) The method as claimed in claim 43, further comprising 
authenticating a user of the computer, and associating the user with an access profile after 
successful user authentication. 

46. (Previously Presented) The method as claimed in claim 42, wherein said selective 
blocking comprises controlling access between the host CPU and the security partition 
independently of the host CPU. 
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47. (Previously Presented) The method as claimed in claim 42, wherein said selective 
blocking comprises totally blocking access to the storage device by the host CPU during 
initialisation of the computer, and intercepting all said access immediately after said initialisation 
and before loading of the operating system of the computer. 

48. (Previously Presented) The method as claimed in claim 45, including performing a 
software boot of the computer only after correct authentication of the user, and allowing normal 
loading of the operating system during the start up sequence of the computer after said software 
boot. 

49. (Previously Presented) The method as claimed in claim 42, further comprising 
diverting and writing operating system files to a location different to the security partition during 
operation of the operating system so that normal operation of the operating system continues 
even though operating system files in the secure partition have not been updated. 

50. (Previously Presented) The method as claimed in claim 49, wherein the operating 
system files are diverted and written to a flash ROM. 

51. (Previously Presented) The method as claimed in claim 49, wherein the operating 
system files are diverted and written to an invisible partition formed in the storage device. 

52. (Previously Presented) The method as claimed in claim 42, including unalterably 
storing computer programs for effecting said controlling access in a location separate from the 
memory and not addressable by the host CPU. 
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53. (Currently Amended) The method as claimed in claim 42, wherein the first component 

security device is a dedicated hardware device comprising a dedicated CPU for processing the 
intercepted communications and, based on the intercepted communications, determining whether 
to block data access between the host CPU and the security partition. 

54. (Currently Amended) The method as claimed in claim 42, wherein the first component 
security device is integrated into a bridging circuit comprising logic for processing the 
intercepted communications and, based on the intercepted communications, determining whether 
to block data access between the host CPU and the security partition. 
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